From 97640c9b107b8213e9b1518f62f5927058a86c28 Mon Sep 17 00:00:00 2001 From: kenjis Date: Thu, 24 Feb 2022 09:11:31 +0900 Subject: [PATCH 1/2] fix: forceGlobalSecureRequests break URI schemes other than HTTP --- system/HTTP/URI.php | 5 ++++- tests/system/HTTP/URITest.php | 16 ++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/system/HTTP/URI.php b/system/HTTP/URI.php index 70305ae5864c..2fe9b430213a 100644 --- a/system/HTTP/URI.php +++ b/system/HTTP/URI.php @@ -586,7 +586,10 @@ public function __toString(): string $baseUri = new self($config->baseURL); // If the hosts matches then assume this should be relative to baseURL - if ($this->getHost() === $baseUri->getHost()) { + if ( + substr($this->getScheme(), 0, 4) === 'http' + && $this->getHost() === $baseUri->getHost() + ) { // Check for additional segments $basePath = trim($baseUri->getPath(), '/') . '/'; $trimPath = ltrim($path, '/'); diff --git a/tests/system/HTTP/URITest.php b/tests/system/HTTP/URITest.php index 8536fcc7c801..a4faacfbdd80 100644 --- a/tests/system/HTTP/URITest.php +++ b/tests/system/HTTP/URITest.php @@ -985,4 +985,20 @@ public function testCreateURIString() $this->assertSame($expected, $uri); } + + /** + * @see https://github.com/codeigniter4/CodeIgniter4/issues/5728 + */ + public function testForceGlobalSecureRequestsAndNonHTTPProtocol() + { + $config = new App(); + $config->forceGlobalSecureRequests = true; + $config->baseURL = 'https://localhost/'; + Factories::injectMock('config', 'App', $config); + + $expected = 'ftp://localhost/path/to/test.txt'; + $uri = new URI($expected); + + $this->assertSame($expected, (string) $uri); + } } From 7c74eae490a92c7b3827d4a76ac31409919e4dd1 Mon Sep 17 00:00:00 2001 From: kenjis Date: Thu, 24 Feb 2022 10:33:31 +0900 Subject: [PATCH 2/2] refactor: extract the logic to be deprecated --- system/HTTP/URI.php | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/system/HTTP/URI.php b/system/HTTP/URI.php index 2fe9b430213a..e0a6ff9f2386 100644 --- a/system/HTTP/URI.php +++ b/system/HTTP/URI.php @@ -581,11 +581,30 @@ public function __toString(): string $path = $this->getPath(); $scheme = $this->getScheme(); + // If the hosts matches then assume this should be relative to baseURL + [$scheme, $path] = $this->changeSchemeAndPath($scheme, $path); + + return static::createURIString( + $scheme, + $this->getAuthority(), + $path, // Absolute URIs should use a "/" for an empty path + $this->getQuery(), + $this->getFragment() + ); + } + + /** + * Change the path (and scheme) assuming URIs with the same host as baseURL + * should be relative to the project's configuration. + * + * @deprecated This method will be deleted. + */ + private function changeSchemeAndPath(string $scheme, string $path): array + { // Check if this is an internal URI $config = config('App'); $baseUri = new self($config->baseURL); - // If the hosts matches then assume this should be relative to baseURL if ( substr($this->getScheme(), 0, 4) === 'http' && $this->getHost() === $baseUri->getHost() @@ -604,13 +623,7 @@ public function __toString(): string } } - return static::createURIString( - $scheme, - $this->getAuthority(), - $path, // Absolute URIs should use a "/" for an empty path - $this->getQuery(), - $this->getFragment() - ); + return [$scheme, $path]; } /**